The low-code GOSS SelfServe Platform provides Public Sector (Local/Central/Government/Authority/Council/Police/NHS) clients CRM-Lite capabilities to design, develop and build custom website/portal forms and workflows, enable online customer transactions and deliver enhanced self/assisted-service for citizens, reducing organisation overhead costs. GOSS SelfServe workflows can be optionally integrated with back office systems/data.
- Plug-in to existing websites. No need to replace CMS.
- Responsive WCAG accessible portal design accelerates desktop and mobile channel-shift.
- Task Manager: control panel for case management and job allocation.
- Web Forms, Process Mapping and Workflow, MyAccount, Self-Service, Assisted-Service.
- Utilise complex business process mapping (BPM) and transaction logic.
- Citizens can upload geotagged pictures for incident reporting.
- Process: Customer Experience Management, Personalised Content, Channel Shift Online.
- Electronic enquiry forms can be linked to intelligent workflow processes.
- Cloud Support Services available to achieve Digital Services/Customer Self-Service.
- Options: Payment Connectors, Authentication, Performance Dashboards, Case Management.
- Channel Shift savings can be made by enabling online-transactional capabilities.
- Business Transformation: proven return on investment (ROI) within months.
- Improved customer satisfaction encourages additional online self-service, further reducing costs.
- CRM-Light: Business Process Mapping logic enables efficient integrated transactions.
- Forms integrate easily: quicker back office integrations. AI/Chatbot integration.
- Customer Account self-service 24/7 from mobile devices/tablets/desktops.
- Secure Authentication via range of services: Google, Facebook, mygovscot etc.
- Customer Service Agents assist citizen transition to Self-Service.
- Automatically update customers via emails/system updates throughout active transactions.
- Share best practice within the active GOSS User Group Community.
£995 to £2895 per instance per month
GOSS Interactive Ltd
+44 0 844 880 3637
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||GOSS Content (Content Management System). Other 3rd party CMS for websites and/or intranets.|
|Cloud deployment model||Hybrid cloud|
|Service constraints||Planned maintenance will be agreed as required. Support available for GOSS-trained users. Java or .NET MVC website templates provided/supported.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Support response will vary in line with the Software Service purchased and the incident severity/nature. Responses from 30 mins to 4 hours. UK-based Service Helpdesk open 8am to 6pm Monday to Friday excluding English Bank holidays for emails, calls, webchat where applicable. Online ticketing available 24/7/365. Hosting Monitoring provided 24/7/365. Please refer to detailed support SLAs in the GOSS Service Definition document.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.1 AA or EN 301 549|
|Web chat accessibility testing||Internal QA testing|
|Onsite support||Yes, at extra cost|
The GOSS Support provided within the GOSS Cloud Software Service fee includes:
- Service monitoring and maintenance by a team of dedicated Network Support Engineers, maintaining and supporting the hosting infrastructure 24/7/365.
- Application updates and patching as required by new software releases and relevant to software service level chosen.
- Dependent upon Software Service Level purchased, user support will be provided for GOSS-trained users by either (1) online 24/7/365 ticketing, (2) office hours webchat, (3) office hours email, (4) office hours Help Desk support, or a combination of these. Incidents are allocated a priority level appropriate to the incident/issue and responded to accordingly - please see the GOSS Service Definition for further details.
Where applicable, a dedicated Client Support Technician is allocated, however all Help Desk staff are trained to support all clients. An Account Manager is allocated to each GOSS client and will be in regular contact, ensuring ongoing customer satisfaction. Support upgrades and additional support and consultancy can be provided based on a day rate or Service increase if required. Please refer to the GOSS Pricing and Service Definition Documents.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Project Management: A Project Manager and Account Manager are assigned, and will review any client requirements for specific configuration and support. A deployment plan is generated in agreement with the client which covers the deployment of the requested Cloud Service, together with any optional modules and known configuration requirements. The on-boarding deployment process commences, whilst the training consultation takes place to ensure the training programme meets the needs of the range of trainees. Customers are provided a selection of training dependent upon their specific needs, with certain training being mandatory. This can include online webinars, onsite training, offsite training. User documentation includes: online context sensitive help to a help website, training guides. Help site provided via Cloud Software Service and training guides when training provided. A range of Cloud Support services are available to support a variety of projects.|
|End-of-contract data extraction||As detailed in the GOSS Client Service Manual, the secure off-boarding data extract process will be agreed as part of the Client Exit Plan and agreed within the Client Call-Off Contract. GOSS will provide a data extract in a structured, commonly used and machine readable format. Once complete and after the agreed retention period, data will be destroyed in line with GOSS ISO 27001 information security policies.|
|End-of-contract process||The GOSS Exit Plan is deployed as per the initial Call-Off Agreement in line with GOSS ISO 27001 processes. The Leaver Checklist process actions are performed within the termination period and include: Data Extraction and Transfer, Financial Settlements, GOSS/Support Systems Access Disabled, GOSS Internal System Updates, Decommissioning of Servers, Supply Certificate of Destruction. Whether an exit occurs as a result of Contract Expiry or Termination, GOSS Interactive will ensure a continued service, as defined in the original contract, is maintained throughout the notice period, that relevant data is held, transferred, returned and destroyed securely, that knowledge and documentation transfer takes place as required, and that costs, timescales, governance and legal requirements are clear and transparent.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The citizen and customer self-service portals managed using this service are responsively designed, so that content such as eforms will automatically resize to suit the device accessing the page, whether this is a desktop, tablet or mobile device, enabling end customers/citizens to view and complete forms and view a service request status as required.|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
For all site and portal designs & themes, GOSS checks they are fully W3C compliant - from checking colour contrast to font sizes, we consider the user and their needs. Once the designs are complete, we have the ability here to run testing sessions with users of assistive technology, to check the usability of the designs. This would involve creating prototypes that allow the users to click through the designs to see which areas are working and showing alternative solutions (A/B tests), all before going to build.
GOSS ensures websites managed by the GOSS service are WCAG 2.1 AA compliant and verifies this using various accessibility validators and testers (such as Total Validator and Colour Contrast Analyser). As there are a huge number of commercially available assistive technologies on the market, it would be impossible to test them all, so the approach taken is to ensure compliance with the international standard that these assistive technologies will themselves support and be compliant with.
The GOSS G-Cloud Cloud Software Services include accessible site themes/portals tested to WCAG 2.1 AA, and GOSS clients are using a range of assistive technologies to gain access to the websites/intranets and portals.
|What users can and can't do using the API||
Access to elements of the GOSS SelfServe Platform is possible using the platform’s API Server. The Server runs multiple Worker-Services, each of which has its own documented API. These services are called using JSON-RPC and have highly configurable security settings which combine internal/external flags, IP restrictions, API Keys and user defined access controls.
Library content is available for use in forms using the iCMAPI Worker. The forms platform has access to the full range of Worker Services including the FormUtilities, Authentication, Email and Postcode Lookup APIs.
The services and solutions delivered using the SelfServe Platform can be queried, created and updated via dedicated APIs. These include the History Worker, which provides a flexible and extendable logging module for services, and the Workflow Worker Service, which provides the underlying technology for the GOSS Business Process Implementation.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Using this service, MyAccount self-service portal content such as forms, processes, and end-to-end transactional services, including End Point Integrations, can be edited.
Customisations are performed using the tools provided with the SelfServe Platform Cloud Service: the drag and drop forms designer, the process and workflow engine, and the End Points (API server) creator. Combined, these can create effective online end-to-end transactional services, which are then accessed via the citizen's MyAccount for customer self-service and assisted-service.
Users with appropriate permission can edit the above features. Administrators can control which users and user groups can access and edit different parts of the Platform, based on granular access permission settings.
Please see the service definition for more information.
|Independence of resources||The GOSS Service is scaled to meet client transactional volumetric requirements and anticipated growth in line with the GOSS suggested fair usage policy as detailed in the Service Definition Document. If future volumes exceed usage within the current solution, the Service can be scaled-up to cope with additional demand as required by moving to the next appropriate service level as detailed within the pricing document. By using analysis tools, each individual server and service is carefully calibrated to achieve optimum efficiency and performance.|
|Service usage metrics||Yes|
|Metrics types||Monthly Availability performance reports shared with all Cloud clients. Metrics provided within application to display Google Analytics statistics. Software includes management reporting function. Performance dashboards can be deployed to share performance information.|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||HTML, XML, CSV, BPMN2.0|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Other protection between networks||HTTPS for all service access (TLS version 1.2 or above). IPsec VPN between service and 3rd party suppliers / customer / other services where HTTPS cannot be utilised. SSL certificate and SSL/TLS hardening best practices are applied on services; non-HTTP based integration requirements utilise IPsec VPN connections to secure data in transit. Protection between networks: Zoned network architecture using DMZs, firewalls etc. to segregate areas utilising defence in depth and tiered network architecture. GOSS can work with individual clients to ascertain and meet protection needs, based on their individual security/service requirements. Please note additional GOSS Cloud Support fees may be applicable.|
|Data protection within supplier network||
|Other protection within supplier network||Data in transit within our hosting environment is protected using SSL/TLS where possible. Any data flows that cannot be protected using SSL/TLS will be segregated from other clients by using dedicated virtual networks per client and environment.|
Availability and resilience
99.95% Site availability with 99.99% Network Availability.
24/7/365 hosting support.
See GOSS Terms and Conditions for Service Credit schedule relating to Site/Network availability.
|Approach to resilience||The GOSS Cloud Services infrastructure is powered by various public cloud providers including Amazon Web Services and Google Cloud Platform, enabling GOSS to deliver a cloud-agnostic, high performance, high security and most of all highly reliable platform for the delivery of client services. Further details on our approach to availability and resilience are available upon request and will be detailed in the client Services Manual provided to all GOSS clients.|
GOSS Incident ticketing system is used. GOSS provides monthly reports confirming site availability. GOSS will provide access to the GOSS Online Support System to allow clients to check performance against support issue SLAs.
Our service report covers site availability and Priority 1 incident management information reported to our Support Service Desk. Other updates such as planned maintenance, upgrades, patches, User Voice, and security are summarised on the GOSS website through the GOSS Clientzone secure portal.
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||2-factor authentication for site registration only. 3rd party (i.e. Google, social media etc) via GOSS Expansions. VPN expansion available. See Pricing/Service Definition for more details.|
|Access restrictions in management interfaces and support channels||
Management Interfaces are controlled by a powerful and granular user management system. System Administrator can configure a range of users with access to various parts of the Service as required.
Support is provided only to GOSS-trained staff as listed in the GOSS Support System. Support provides fixes only; any system config is subject to the GOSS ISO certified Change Control procedure, which requires sign-off by system admin as defined in the GOSS Service Manual.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Alcumus ISOQAR|
|ISO/IEC 27001 accreditation date||27/7/16|
|What the ISO/IEC 27001 doesn’t cover||Nothing.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials Plus|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||GOSS are certified in ISO 27001:2013 for Information Security Management and ISO 9001:2015 for Quality Management. All GOSS Staff are inducted and regularly trained in all relevant ISO Information Security Policies and processes as defined in the GOSS Information Security Manual. GOSS employs an ISO Manager who (reporting into the MD) is responsible for ensuring the ongoing training, deployment, enhancement of the company ISO policies and to ensure that all staff comply. Internal and external audits take place regularly to ensure ongoing compliance. The GOSS secure staff Intranet includes links to the GOSS Information Security Manual, information asset list, statement of applicability and other information. There is also secured access to additional information and processes such as the Disaster Recovery Plan/Business Continuity Plan. The Information Security Manual (ISMS) details the company Security Policy, various staff/team responsibilities, risk management, asset management, HR Security, physical/environmental security, access control, operational control, Business Continuity Management. The Senior Management team are informed of any new ISO information/issues which are then shared as appropriate across the various teams - however ALL staff have a responsibility to ensure their actions are compliant with both ISO policies and procedures.|
|Configuration and change management standard||Supplier-defined controls|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||GOSS ISO 27001:2013 process: regularly monitor/scan servers, computers and network for vulnerabilities. Should any be found it is policy to assess for severity, impact and urgency and mitigate the issues as required. All are managed and maintained within a risk log. Constant monitoring across all major security bulletins ensures that our Development/Network Engineers are immediately notified should problems arise. Actively review OWASP news feeds to learn, adapt to, implement latest security standards in all GOSS products and services. Network Engineers monitor security bulletins from relevant vendors and organisations such as CERT UK, US CERT, Cisco, Red Hat, Microsoft and VMware.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||GOSS ISO 27001:2013 process following industry best practice: Network Engineers monitor security bulletins from relevant vendors and organisations such as CERT UK, US CERT, Cisco, Red Hat, Microsoft and VMware and take positive action where required in line with the GOSS ISO Security Manual. A centralised site availability monitoring system is used to automatically alert engineers in and out of hours, depending on the impact and the severity of the event. An event will automatically get escalated if an on call engineer does not investigate within a certain period of time as per our Incident Management Policy and SLA.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
GOSS ISO27001 Security Manual details the Incident Management Policy for the management and reporting of security incidents. The objective is to minimise the damage from security incidents and to monitor and learn from such incidents. Process for incident management covering software, hosting or client support related issues including documented call-out procedure and escalation procedure. Support process defines incident priorities and response/resolution timescales.
Users report incidents via 24/7/365 online ticketing system, or via email, phone or LiveChat during stated helpdesk hours.
Incident reports and updates are provided via the GOSS online ticketing and reporting system.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£995 to £2895 per instance per month|
|Discount for educational organisations||No|
|Free trial available||No|